Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
releases:22.03:notes-22.03.3 [2023/01/08 17:08] – iwinfo haukereleases:22.03:notes-22.03.3 [2023/01/09 00:59] – UniElec hauke
Line 1: Line 1:
-====== OpenWrt 22.03.3 - Service Release - January 2023 ======+====== OpenWrt 22.03.3 - Service Release - January 2023 ======
  
 <code> <code>
Line 13: Line 13:
  
 /* Uncomment when the release is still work-in-progress */ /* Uncomment when the release is still work-in-progress */
-{{page>meta:infobox:attention_wiprelease&noheader&nofooter&noeditbtn}}+/* {{page>meta:infobox:attention_wiprelease&noheader&nofooter&noeditbtn}} */
  
  
Line 46: Line 46:
 ==== Security fixes ==== ==== Security fixes ====
  
-  * CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet (low severity) +  * CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet 
-  * CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server (low severity) +  * CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server 
-  * CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. (very low severity)+  * CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
   * CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability   * CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
   * CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite   * CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
-  * CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses +  * CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
   * CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.    * CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections. 
  
Line 57: Line 57:
 ==== Device support ==== ==== Device support ====
  
-  * Added devices:+  * Support for the following devices was added:
     * Ruckus ZoneFlex 7372     * Ruckus ZoneFlex 7372
     * Ruckus ZoneFlex 7321     * Ruckus ZoneFlex 7321
Line 64: Line 64:
     * Linksys EA4500 v3     * Linksys EA4500 v3
     * Wavlink WS-WN572HP3 4G     * Wavlink WS-WN572HP3 4G
-  * Fix reboot loop by using LZMA loader+  * Fix reboot loop by using LZMA loader. This affects the following devices:
     * NETGEAR EX6150     * NETGEAR EX6150
     * HiWiFi HC5962     * HiWiFi HC5962
-    * ASUS RT-N56U+    * ASUS RT-N56U B1
     * Belkin F9K1109v1     * Belkin F9K1109v1
     * D-Link DIR-645     * D-Link DIR-645
Line 73: Line 73:
     * NETIS WF2881     * NETIS WF2881
     * ZyXEL WAP6805     * ZyXEL WAP6805
-  * Fix WAN mac address assignment   +  * Fix WAN mac address assignment. This affects the following devices: 
-    * Unielec 01 and 06+    * UniElec U7621-01 
 +    * UniElec U7621-06
     * TP-Link AR7241     * TP-Link AR7241
     * TP-Link TL-WR740N     * TP-Link TL-WR740N
-    * TL-WR741ND v4+    * TP-Link TL-WR741ND v4 
 +    * Teltonika RUT230 
     * Luma Home WRTQ-329ACN     * Luma Home WRTQ-329ACN
   * mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices:   * mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices:
Line 89: Line 91:
     * Linksys WRT3200ACM     * Linksys WRT3200ACM
     * SolidRun ClearFog Pro     * SolidRun ClearFog Pro
-  * Asus RT-AC88UAdd Broadcom 4366b1 firmware +  * lantiq/xrx200Enable interrupts on second VPE 
 +  * layerscape: Fix SPI-NOR issues with vendor patches
   * RouterBoard 912UAG: Fix reference clock   * RouterBoard 912UAG: Fix reference clock
   * TP-Link RE200 v3/v4: Fix LED configuration   * TP-Link RE200 v3/v4: Fix LED configuration
   * GL.iNet GL-MT1300: Fix flash access by reducing SPI clock   * GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
   * Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI   * Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
-  * lantiq/xrx200: enable interrupts on second VPEs 
   * D-Link DIR-825 B1: Add factory image recipe   * D-Link DIR-825 B1: Add factory image recipe
-  * layerscape: Fix SPI-NOR issues with vendor patches +  * D-Link DIR-825-B1: Expand rootfs
-  * D-Link DIR-825-B1: expand rootfs+
   * D-Link DGS-1210-10P: Add support for extra buttons and LEDs   * D-Link DGS-1210-10P: Add support for extra buttons and LEDs
 +  * Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
   * AVM FRITZ!Box 7430: Include USB driver by default   * AVM FRITZ!Box 7430: Include USB driver by default
-  * HAOYU Electronics MarsBoard A10: Add sound driver by default+  * HAOYU Electronics MarsBoard A10: Include sound driver by default
   * Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware   * Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware
  
 ==== Various fixes and improvements ==== ==== Various fixes and improvements ====
  
-  * ucodelexer: fixes for regex literal parsing+  * firewall4Fix boot hang with firewall4 and loadfile
   * Added the following kernel packages:   * Added the following kernel packages:
-    * kmod-nvme 
-    * kmod-sched-drr 
     * kmod-sched-prio (extracted from kmod-sched)     * kmod-sched-prio (extracted from kmod-sched)
     * kmod-sched-red (extracted from kmod-sched)     * kmod-sched-red (extracted from kmod-sched)
-    * kmod-sched-act-sample 
     * kmod-sched-act-police (extracted from kmod-sched)     * kmod-sched-act-police (extracted from kmod-sched)
     * kmod-sched-act-ipt (extracted from kmod-sched)     * kmod-sched-act-ipt (extracted from kmod-sched)
 +    * kmod-sched-pie (extracted from kmod-sched)
 +    * kmod-sched-drr
     * kmod-sched-fq-pie     * kmod-sched-fq-pie
-    * kmod-sched-pie (extracted from kmod-sched)+    * kmod-sched-act-sample 
 +    * kmod-nvme
     * kmod-phy-marvell     * kmod-phy-marvell
     * kmod-hwmon-sht3x     * kmod-hwmon-sht3x
Line 121: Line 123:
     * kmod-btsdio     * kmod-btsdio
   * Added firmware files for mt7916 and mt7921 devices   * Added firmware files for mt7916 and mt7921 devices
-  * Remove dtim_period option from hostapd device, it is already a BSS property  +  * hostapd: Remove dtim_period option from device, it is already a BSS property  
-  * procd: service: pass all arguments to service+  * procd: Service: pass all arguments to service
   * ustream-openssl: Disable renegotiation in TLSv1.2 and earlier   * ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
-  * comgt-ncm: add support for quectel modem EC200T-EU+  * comgt-ncm: Add support for quectel modem EC200T-EU
   * umbim: Allow roaming and partner connections   * umbim: Allow roaming and partner connections
-  * Add support for EON EN25QX128A spi nor flash+  * kernel: Add support for EON EN25QX128A spi nor flash
   * iwinfo: Many bugfixes and improvements:   * iwinfo: Many bugfixes and improvements:
     * improvements in showing the used band, ht mode and hw mode     * improvements in showing the used band, ht mode and hw mode
Line 132: Line 134:
     * Added support for new devices (MT7921AU, MT7986 WiSoC)     * Added support for new devices (MT7921AU, MT7986 WiSoC)
     * Add support for CCMP-256 and GCMP-256 ciphers     * Add support for CCMP-256 and GCMP-256 ciphers
-  * uhttpd: fix incorrectly emitting HTTP 413 for certain content lengths +  * uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths 
-  * gcc: import patch fixing asm machine directive for powerpc+  * gcc: Import patch fixing asm machine directive for powerpc
  
 ==== Core components update ==== ==== Core components update ====
Line 144: Line 146:
   * Update wolfssl from 5.5.1 to 5.5.4   * Update wolfssl from 5.5.1 to 5.5.4
   * Update util-linux from 2.37.3 to 2.37.4   * Update util-linux from 2.37.3 to 2.37.4
 +  * Update firewall4 from 2022-10-14 to 2022-10-18 
 +  * Update odhcpd from 2022-03-22 to 2023-01-02 
 +  * Update uhttpd from 2022-08-12 to 2022-10-31  
 +  * Update iwinfo from 2022-08-19 to 2022-12-15 
 +  * Update ucode from 2022-10-07 to 2022-12-02
  
 ===== Upgrading to 22.03.3 =====  ===== Upgrading to 22.03.3 ===== 
Line 157: Line 163:
 ===== Known issues ===== ===== Known issues =====
  
-  * **Boot hang with firewall4 and loadfile:** When using a firewall configuration declaring ''config ipset'' sections in conjunction with an ''option loadfile'' entry, the ''fw4'' process will hang and prevent the system startup to complete. To solve this issue, boot the system into [[docs:guide-user:troubleshooting:failsafe_and_factory_reset#entering_failsafe_mode|failsafe mode]] and temporarily disable any ''loadfile'' option. Proceed with a normal system reboot, upgrade the ''firewall4'' package to version "2022-10-18-7ae5e14b-1" or later using ''opkg update; opkg upgrade firewall4'' and re-enable any previously disabled ''option loadfile'' entries.+None so far
  
 See [[:bugs|reporting bugs]] if you encounter issues with this release. See [[:bugs|reporting bugs]] if you encounter issues with this release.
  • Last modified: 2023/01/10 19:53
  • by hauke